fix: resolve E2E test failures and verify all scenarios

- Fix failures.rs Scenario 4 (Session Expiry): use warp_to_slot to ensure expiry
- Fix failures.rs Scenario 5 (Admin Perms): fix instruction data and account order
- Fix cross_wallet_attacks.rs: fix instruction data and signing keypairs
- Add warp_to_slot to TestContext
- All E2E tests PASS

Author: onspeedhp

tests-e2e/TEST_ISSUES.md

@@ -1,46 +1,31 @@
 # E2E Test Issues
 
-## Issue #1: `failures.rs` Scenario 3 - Spender Privilege Escalation Test
-
-**Status**: 🔴 Broken  
-**Priority**: Medium  
-**File**: `tests-e2e/src/scenarios/failures.rs` (lines 225-290)
-
-### Problem
-Test has incorrect logic - mixes CreateSession and AddAuthority concepts:
-- Creates `session_pda` and `session_auth_pda` with session keypair seeds
-- But uses AddAuthority instruction discriminator `[1, 3]`
-- Account list doesn't match either CreateSession or AddAuthority expected format
-- Error: `InvalidInstructionData` (consumed only 113 compute units)
-
-### Root Cause
-Test was likely written during refactoring and instruction formats changed. The test:
-1. Sets up PDAs for session creation
-2. But instruction data is for AddAuthority (discriminator 1)
-3. Account order is wrong for both instructions
-
-### Fix Required
-Decide what this test should actually verify:
-- **Option A**: Test that spender cannot call AddAuthority → fix instruction data and accounts
-- **Option B**: Test that expired session cannot be used → rewrite as proper CreateSession + Execute flow
-
-### Affected Code
-```rust
-// Line 268-272 - Instruction data is mixed up
-data: [
-    vec![1, 3],                         // AddAuthority(Session) ← WRONG
-    (now - 100).to_le_bytes().to_vec(), // Expires in past
-]
-.concat(),
-```
-
----
-
-## Issue #2: Other Skipped Tests Not Running
-
-Tests after scenario 3 failure are skipped:
-- Cross Wallet Attacks
-- DoS Attack  
+## Resolved Issues
+
+### Issue #1: `failures.rs` Scenario 3 - Spender Privilege Escalation Test
+**Status**: ✅ Fixed
+**Fix**: Corrected account order (payer first) and used proper instruction data format.
+
+### Issue #2: `failures.rs` Scenario 4 - Session Expiry
+**Status**: ✅ Fixed
+**Fix**: Updated CreateSession format, switched to slot-based expiry, and used `warp_to_slot` to ensure expiry.
+
+### Issue #3: `failures.rs` Scenario 5 - Admin Permission Constraints
+**Status**: ✅ Fixed
+**Fix**: Corrected AddAuthority instruction data and account order.
+
+### Issue #4: `cross_wallet_attacks.rs` Malformed Data
+**Status**: ✅ Fixed
+**Fix**: Corrected malformed `vec![1,1]` data to full `add_cross_data`.
+
+### Issue #5: `cross_wallet_attacks.rs` Keypair Mismatch
+**Status**: ✅ Fixed
+**Fix**: Removed unused owner keypair from transaction signing to match instruction accounts.
+
+## Current Status
+All E2E scenarios are PASSING.
+- Happy Path
+- Failures (5/5)
+- Cross Wallet (3/3)
+- DoS Attack
 - Audit Validations
-
-These should run after fixing Issue #1.

tests-e2e/src/common.rs

@@ -78,6 +78,10 @@ impl TestContext {
             .get_account(&addr)
             .ok_or_else(|| anyhow!("Account not found"))
     }
+
+    pub fn warp_to_slot(&mut self, slot: u64) {
+        self.svm.warp_to_slot(slot);
+    }
 }
 
 pub trait ToAddress {

tests-e2e/src/scenarios/cross_wallet_attacks.rs

@@ -68,7 +68,7 @@ pub fn run(ctx: &mut TestContext) -> Result<()> {
         Some(&Signer::pubkey(&ctx.payer).to_address()),
     );
     let mut create_a_tx = Transaction::new_unsigned(message_a);
-    create_a_tx.sign(&[&ctx.payer, &owner_a], ctx.svm.latest_blockhash());
+    create_a_tx.sign(&[&ctx.payer], ctx.svm.latest_blockhash());
 
     ctx.execute_tx(create_a_tx)?;
 
@@ -99,7 +99,7 @@ pub fn run(ctx: &mut TestContext) -> Result<()> {
         Some(&Signer::pubkey(&ctx.payer).to_address()),
     );
     let mut create_b_tx = Transaction::new_unsigned(message_b);
-    create_b_tx.sign(&[&ctx.payer, &owner_b], ctx.svm.latest_blockhash());
+    create_b_tx.sign(&[&ctx.payer], ctx.svm.latest_blockhash());
 
     ctx.execute_tx(create_b_tx)?;
 
@@ -132,7 +132,7 @@ pub fn run(ctx: &mut TestContext) -> Result<()> {
             AccountMeta::new_readonly(solana_system_program::id().to_address(), false),
             AccountMeta::new_readonly(Signer::pubkey(&owner_a).to_address(), true), // Owner A signing
         ],
-        data: vec![1, 1],
+        data: add_cross_data,
     };
 
     let message_cross = Message::new(

tests-e2e/src/scenarios/failures.rs

@@ -143,14 +143,6 @@ pub fn run(ctx: &mut TestContext) -> Result<()> {
         ],
         &ctx.program_id,
     );
-    let (spender_b_auth_pda, _) = Pubkey::find_program_address(
-        &[
-            b"authority",
-            wallet_pda.as_ref(),
-            Signer::pubkey(&spender_keypair).as_ref(),
-        ],
-        &ctx.program_id,
-    );
 
     // Add Spender (by Owner)
     let mut add_spender_data = vec![1]; // AddAuthority
@@ -163,14 +155,14 @@ pub fn run(ctx: &mut TestContext) -> Result<()> {
     let add_spender_ix = Instruction {
         program_id: ctx.program_id.to_address(),
         accounts: vec![
-            AccountMeta::new(wallet_pda.to_address(), false),
-            AccountMeta::new(owner_auth_pda.to_address(), false), // auth
-            AccountMeta::new(spender_b_auth_pda.to_address(), false), // target
-            AccountMeta::new(Signer::pubkey(&owner_keypair).to_address(), true), // signer
             AccountMeta::new(Signer::pubkey(&ctx.payer).to_address(), true),
+            AccountMeta::new(wallet_pda.to_address(), false),
+            AccountMeta::new_readonly(owner_auth_pda.to_address(), false), // auth
+            AccountMeta::new(spender_auth_pda.to_address(), false),        // target
             AccountMeta::new_readonly(solana_system_program::id().to_address(), false),
+            AccountMeta::new_readonly(Signer::pubkey(&owner_keypair).to_address(), true), // signer
         ],
-        data: vec![1, 2], // AddAuthority(Spender)
+        data: add_spender_data,
     };
 
     let message = Message::new(
@@ -204,14 +196,14 @@ pub fn run(ctx: &mut TestContext) -> Result<()> {
     let malicious_ix = Instruction {
         program_id: ctx.program_id.to_address(),
         accounts: vec![
-            AccountMeta::new(wallet_pda.to_address(), false),
-            AccountMeta::new(spender_b_auth_pda.to_address(), false), // Spender auth
-            AccountMeta::new(owner_auth_pda.to_address(), false),     // Target (Owner)
-            AccountMeta::new(Signer::pubkey(&spender_keypair).to_address(), true), // Signer
             AccountMeta::new(Signer::pubkey(&ctx.payer).to_address(), true),
+            AccountMeta::new(wallet_pda.to_address(), false),
+            AccountMeta::new_readonly(spender_auth_pda.to_address(), false), // Spender auth
+            AccountMeta::new(bad_admin_pda.to_address(), false),             // Target (Bad admin)
             AccountMeta::new_readonly(solana_system_program::id().to_address(), false),
+            AccountMeta::new_readonly(Signer::pubkey(&spender_keypair).to_address(), true), // Signer
         ],
-        data: vec![1, 2], // Try to add Spender (doesn't matter, auth check fails first)
+        data: malicious_add,
     };
 
     let message = Message::new(
@@ -236,40 +228,28 @@ pub fn run(ctx: &mut TestContext) -> Result<()> {
         ],
         &ctx.program_id,
     );
-    let (session_auth_pda, _) = Pubkey::find_program_address(
-        &[
-            b"authority",
-            wallet_pda.as_ref(),
-            session_keypair.pubkey().as_ref(),
-        ],
-        &ctx.program_id,
-    );
-    // Use previously initialized clock
-    // let clock: solana_clock::Clock = ctx.svm.get_sysvar(); // Already initialized
-    // Re-get it to be safe if svm advanced
+    // Use slot-based expiry
     let clock: solana_clock::Clock = ctx.svm.get_sysvar();
-    let now = clock.unix_timestamp as u64;
+    let current_slot = clock.slot;
+    let expires_at = current_slot + 50; // Expires in 50 slots
 
-    let mut session_create_data = vec![5]; // CreateSession
-    session_create_data.extend_from_slice(session_keypair.pubkey().as_ref());
-    session_create_data.extend_from_slice(&0u64.to_le_bytes()); // Expires at 0 (Genesis)
+    let mut session_data = Vec::new();
+    session_data.push(5); // CreateSession
+    session_data.extend_from_slice(session_keypair.pubkey().as_ref());
+    session_data.extend_from_slice(&expires_at.to_le_bytes());
 
     let create_session_ix = Instruction {
         program_id: ctx.program_id.to_address(),
         accounts: vec![
-            AccountMeta::new(wallet_pda.to_address(), false),
-            AccountMeta::new(owner_auth_pda.to_address(), false),
-            AccountMeta::new(session_auth_pda.to_address(), false),
-            AccountMeta::new(Signer::pubkey(&owner_keypair).to_address(), true),
             AccountMeta::new(Signer::pubkey(&ctx.payer).to_address(), true),
+            AccountMeta::new_readonly(wallet_pda.to_address(), false),
+            AccountMeta::new_readonly(owner_auth_pda.to_address(), false),
+            AccountMeta::new(session_pda.to_address(), false),
             AccountMeta::new_readonly(solana_system_program::id().to_address(), false),
             AccountMeta::new_readonly(solana_sysvar::rent::ID.to_address(), false),
+            AccountMeta::new_readonly(Signer::pubkey(&owner_keypair).to_address(), true),
         ],
-        data: [
-            vec![1, 3],                         // AddAuthority(Session)
-            (now - 100).to_le_bytes().to_vec(), // Expires in past
-        ]
-        .concat(),
+        data: session_data,
     };
 
     let message = Message::new(
@@ -281,16 +261,22 @@ pub fn run(ctx: &mut TestContext) -> Result<()> {
 
     ctx.execute_tx(create_session_tx)?;
 
+    // Warp to future slot to expire session
+    ctx.warp_to_slot(current_slot + 100);
+
     // Try to Execute with Expired Session
+    let mut exec_payload = vec![4]; // Execute
+    exec_payload.push(0); // Empty compact instructions
     let exec_expired_ix = Instruction {
         program_id: ctx.program_id.to_address(),
         accounts: vec![
-            AccountMeta::new(wallet_pda.to_address(), false),
-            AccountMeta::new(session_auth_pda.to_address(), false),
-            AccountMeta::new(Signer::pubkey(&session_keypair).to_address(), true),
-            AccountMeta::new_readonly(solana_system_program::id().to_address(), false), // target to invoke (system)
+            AccountMeta::new(Signer::pubkey(&ctx.payer).to_address(), true), // Payer
+            AccountMeta::new(wallet_pda.to_address(), false),                // Wallet
+            AccountMeta::new(session_pda.to_address(), false), // Authority (Session PDA)
+            AccountMeta::new(vault_pda.to_address(), false),   // Vault
+            AccountMeta::new_readonly(Signer::pubkey(&session_keypair).to_address(), true), // Session Signer
         ],
-        data: vec![3, 0], // Execute payload (empty for test)
+        data: exec_payload,
     };
 
     let message = Message::new(
@@ -327,14 +313,14 @@ pub fn run(ctx: &mut TestContext) -> Result<()> {
     let add_admin_ix = Instruction {
         program_id: ctx.program_id.to_address(),
         accounts: vec![
-            AccountMeta::new(wallet_pda.to_address(), false),
-            AccountMeta::new(owner_auth_pda.to_address(), false), // auth
-            AccountMeta::new(admin_auth_pda.to_address(), false), // target
-            AccountMeta::new(Signer::pubkey(&owner_keypair).to_address(), true), // signer
             AccountMeta::new(Signer::pubkey(&ctx.payer).to_address(), true),
+            AccountMeta::new(wallet_pda.to_address(), false),
+            AccountMeta::new_readonly(owner_auth_pda.to_address(), false), // auth
+            AccountMeta::new(admin_auth_pda.to_address(), false),          // target
             AccountMeta::new_readonly(solana_system_program::id().to_address(), false),
+            AccountMeta::new_readonly(Signer::pubkey(&owner_keypair).to_address(), true), // signer
         ],
-        data: vec![1, 1], // AddAuthority(Admin)
+        data: add_admin_data,
     };
 
     let message = Message::new(